author | Benoît Dejean <bdejean@gmail.com> | 2018-02-17 10:21:30 +0100 |
---|---|---|
committer | Benoît Dejean <bdejean@gmail.com> | 2018-03-26 17:44:43 +0200 |
commit | ec662d01dac16b817981da9ace55230441ef4cd4 (patch) | |
tree | 186f844e848e86adefb1149d8cdc74077e4829e8 /sysdeps/linux | |
parent | cab8791fdd6a174b1aea06410214800a774a729b (diff) | |
download | libgtop-ec662d01dac16b817981da9ace55230441ef4cd4.tar.gz |
Make linux build with server.
Add suid infrastructure.
Demo proc_map.
Diffstat (limited to 'sysdeps/linux')
-rw-r--r-- | sysdeps/linux/Makefile.am | 6 | ||||
-rw-r--r-- | sysdeps/linux/glibtop_machine.h | 4 | ||||
-rw-r--r-- | sysdeps/linux/glibtop_server.h | 2 | ||||
-rw-r--r-- | sysdeps/linux/glibtop_suid.h | 49 | ||||
-rw-r--r-- | sysdeps/linux/procmap.c | 12 | ||||
-rw-r--r-- | sysdeps/linux/suid_open.c | 80 |
6 files changed, 148 insertions, 5 deletions
diff --git a/sysdeps/linux/Makefile.am b/sysdeps/linux/Makefile.am index 7baabe0b..fdd54696 100644 --- a/sysdeps/linux/Makefile.am +++ b/sysdeps/linux/Makefile.am @@ -1,6 +1,6 @@ AM_CPPFLAGS = @AM_CPPFLAGS@ -noinst_LTLIBRARIES = libgtop_sysdeps-2.0.la +noinst_LTLIBRARIES = libgtop_sysdeps-2.0.la libgtop_sysdeps_suid-2.0.la EXTRA_DIST = procmap_smaps.gperf procmap_smaps.c @@ -17,7 +17,9 @@ libgtop_sysdeps_2_0_la_LIBADD = @GLIB_LIBS@ # libgtop_sysdeps_2_0_la_LDFLAGS = $(LT_VERSION_INFO) -libgtopinclude_HEADERS = glibtop_server.h glibtop_machine.h +libgtop_sysdeps_suid_2_0_la_SOURCES = suid_open.c + +libgtopinclude_HEADERS = glibtop_server.h glibtop_machine.h glibtop_suid.h libgtopincludedir = $(includedir)/libgtop-2.0 noinst_HEADERS = glibtop_private.h diff --git a/sysdeps/linux/glibtop_machine.h b/sysdeps/linux/glibtop_machine.h index 5c1daad0..ad3f5f83 100644 --- a/sysdeps/linux/glibtop_machine.h +++ b/sysdeps/linux/glibtop_machine.h @@ -28,6 +28,10 @@ G_BEGIN_DECLS struct _glibtop_machine { + uid_t uid; + uid_t euid; + gid_t gid; + gid_t egid; }; G_END_DECLS diff --git a/sysdeps/linux/glibtop_server.h b/sysdeps/linux/glibtop_server.h index 6240d5de..75f63160 100644 --- a/sysdeps/linux/glibtop_server.h +++ b/sysdeps/linux/glibtop_server.h @@ -39,7 +39,7 @@ #define GLIBTOP_SUID_PROC_KERNEL 0 #define GLIBTOP_SUID_PROC_SEGMENT 0 #define GLIBTOP_SUID_PROC_ARGS 0 -#define GLIBTOP_SUID_PROC_MAP 0 +#define GLIBTOP_SUID_PROC_MAP (1 << GLIBTOP_SYSDEPS_PROC_MAP) #define GLIBTOP_SUID_NETLOAD 0 #define GLIBTOP_SUID_NETLIST 0 #define GLIBTOP_SUID_PROC_WD 0 diff --git a/sysdeps/linux/glibtop_suid.h b/sysdeps/linux/glibtop_suid.h new file mode 100644 index 00000000..b64f1645 --- /dev/null +++ b/sysdeps/linux/glibtop_suid.h 
@@ -0,0 +1,49 @@
+/* Copyright (C) 2018 Benoît Dejean
+
+ LibGTop is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License,
+ or (at your option) any later version.
+
+ LibGTop is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with LibGTop; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+#ifndef __GLIBTOP_SUID_H__
+#define __GLIBTOP_SUID_H__
+
+G_BEGIN_DECLS
+
+#include <glibtop_machine.h>
+
+static inline void glibtop_suid_enter (glibtop *server) {
+ glibtop_debug ("uid=%d euid=%d gid=%d egid=%d", getuid(), geteuid(), getgid(), getegid());
+ setreuid (server->machine->uid, server->machine->euid);
+ glibtop_debug ("uid=%d euid=%d gid=%d egid=%d", getuid(), geteuid(), getgid(), getegid());
+};
+
+static inline void glibtop_suid_leave (glibtop *server) {
+ glibtop_debug ("uid=%d euid=%d gid=%d egid=%d", getuid(), geteuid(), getgid(), getegid());
+ if (setreuid (server->machine->euid, server->machine->uid))
+ _exit (1);
+ glibtop_debug ("uid=%d euid=%d gid=%d egid=%d", getuid(), geteuid(), getgid(), getegid());
+};
+
+void
+glibtop_init_p (glibtop *server, const unsigned long features,
+ const unsigned flags);
+void
+glibtop_open_p (glibtop *server, const char *program_name,
+ const unsigned long features,
+ const unsigned flags);
+
+G_END_DECLS
+
+#endif
diff --git a/sysdeps/linux/procmap.c b/sysdeps/linux/procmap.c
index 546d08af..cbbd5c42 100644
--- a/sysdeps/linux/procmap.c
+++ b/sysdeps/linux/procmap.c
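Review bot: `glibtop_suid_enter` in glibtop_suid.h discards the return value of `setreuid`, whereas `glibtop_suid_leave` exits when the same call fails; on failure the caller continues with credentials it did not ask for and only the debug line shows it. Treat it as in leave, `if (setreuid (server->machine->uid, server->machine->euid)) _exit (1);`, or have the helper return a status the caller can test. Both helpers swap only the user ids although gid and egid are recorded in the machine struct, so either swap the group ids here as well or document why they are left alone. Each inline body is closed with `};`, a stray semicolon that pedantic builds warn about, and the header calls getuid/setreuid/_exit without including `<unistd.h>` itself.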
@@ -30,6 +30,7 @@ #include <stddef.h> #include "glibtop_private.h" +#include "glibtop_suid.h" #include "procmap_smaps.c" @@ -60,7 +61,7 @@ static const unsigned long _glibtop_sysdeps_map_entry_smaps = /* Init function. */ void -_glibtop_init_proc_map_s (glibtop *server) +_glibtop_init_proc_map_p (glibtop *server) { server->sysdeps.proc_map = _glibtop_sysdeps_proc_map; } @@ -184,7 +185,7 @@ parse_line(char* line, glibtop_map_entry * -glibtop_get_proc_map_s (glibtop *server, glibtop_proc_map *buf, pid_t pid) +glibtop_get_proc_map_p (glibtop *server, glibtop_proc_map *buf, pid_t pid) { char procfilename[GLIBTOP_MAP_FILENAME_LEN+1]; @@ -214,10 +215,17 @@ glibtop_get_proc_map_s (glibtop *server, glibtop_proc_map *buf, pid_t pid) snprintf (procfilename, sizeof procfilename, filename, (unsigned)pid); + glibtop_suid_enter (server); + if((maps = fopen (procfilename, "r")) == NULL) { + glibtop_suid_leave (server); return (glibtop_map_entry*) g_array_free(entry_list, TRUE); } + glibtop_debug("opened %p", maps); + + glibtop_suid_leave (server); + while(TRUE) { unsigned long perm; diff --git a/sysdeps/linux/suid_open.c b/sysdeps/linux/suid_open.c new file mode 100644 index 00000000..91b22569 --- /dev/null +++ b/sysdeps/linux/suid_open.c 
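Review bot: In the last procmap.c hunk the `fopen` runs with the elevated effective uid for whatever `pid` the caller supplied, and nothing visible checks that the target process belongs to the invoking user, so the suid server would return map listings the kernel otherwise withholds from that user. Before `glibtop_suid_enter (server)`, compare the owner of the target process with `server->machine->uid` (for example via `stat` on its /proc entry) and return the empty entry list on a mismatch. The `glibtop_debug("opened %p", maps);` call also sits inside the privileged window; placing `glibtop_suid_leave (server);` directly after the `fopen` and testing `maps == NULL` afterwards gives a single leave point and keeps logging out of the privileged section. The function body starts and ends outside the hunk, so an ownership check elsewhere cannot be ruled out from here.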
@@ -0,0 +1,80 @@
+/* Copyright (C) 2018 Benoît Dejean
+
+ LibGTop is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License,
+ or (at your option) any later version.
+
+ LibGTop is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with LibGTop; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+#include <config.h>
+#include <glibtop.h>
+#include <glibtop/error.h>
+#include <glibtop/cpu.h>
+#include <glibtop/open.h>
+#include <glibtop/init_hooks.h>
+#include <glibtop/machine.h>
+
+
+/* !!! THIS FUNCTION RUNS SUID ROOT - CHANGE WITH CAUTION !!! */
+
+void
+glibtop_init_p (glibtop *server, const unsigned long features,
+ const unsigned flags)
+{
+ const _glibtop_init_func_t *init_fkt;
+
+ if (server == NULL)
+ glibtop_error_r (NULL, "glibtop_init_p (server == NULL)");
+
+ /* Do the initialization, but only if not already initialized. */
+
+ if ((server->flags & _GLIBTOP_INIT_STATE_SYSDEPS) == 0) {
+ glibtop_open_p (server, "glibtop", features, flags);
+
+ for (init_fkt = _glibtop_init_hook_p; *init_fkt; init_fkt++)
+ (*init_fkt) (server);
+
+ server->flags |= _GLIBTOP_INIT_STATE_SYSDEPS;
+ }
+}
+
+void
+glibtop_open_p (glibtop *server, const char *program_name,
+ const unsigned long features,
+ const unsigned flags)
+{
+ glibtop_debug ("glibtop_open_p ()");
+
+ /* !!! WE ARE ROOT HERE - CHANGE WITH CAUTION !!! */
+ server->machine->uid = getuid ();
+ server->machine->euid = geteuid ();
+ server->machine->gid = getgid ();
+ server->machine->egid = getegid ();
+
+ /* Drop priviledges. */
+
+ glibtop_debug ("uid=%d euid=%d gid=%d egid=%d", getuid(), geteuid(), getgid(), getegid());
+
+ if (setreuid (server->machine->euid, server->machine->uid))
+ _exit (1);
+
+ if (setregid (server->machine->egid, server->machine->gid))
+ _exit (1);
+
+ glibtop_debug ("uid=%d euid=%d gid=%d egid=%d", getuid(), geteuid(), getgid(), getegid());
+
+ /* !!! END OF SUID ROOT PART !!! */
+
+ /* Our effective uid is now those of the user invoking the server,
+ * so we do no longer have any priviledges. */
+} |
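Review bot: The closing comment of `glibtop_open_p` states that no privileges remain, but `setreuid (server->machine->euid, server->machine->uid)` only swaps the real and effective ids, and `glibtop_suid_enter` relies on swapping them back. The comment should describe a temporary drop, e.g. `/* Effective ids are now the invoking user's; the privileged ids are kept in the real slot so glibtop_suid_enter() can restore them. */`. The group swap is issued after the user swap; the conventional order is to change group ids while the process is still privileged, so `setregid` would normally precede `setreuid`. In `glibtop_init_p`, `server == NULL` is reported through `glibtop_error_r` and `server->flags` is dereferenced right after, which is safe only if that call never returns; a short comment saying so, or an explicit `return;`, would make that visible.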